001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.pacl;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020    import com.liferay.portal.service.impl.PortalServiceImpl;
021    import com.liferay.portal.spring.aop.ChainableMethodAdvice;
022    
023    import java.lang.reflect.Method;
024    
025    import org.aopalliance.intercept.MethodInvocation;
026    
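/**
 * Method advice that gates service invocations behind a PACL policy check.
 *
 * <p>
 * The check is fail-open in three situations, all visible in
 * {@link #invoke(MethodInvocation)}: the portal security manager is disabled
 * for the current call, {@link PACLPolicyManager} reports that it is not
 * active, or no policy is resolved for the caller. Only when a policy is
 * resolved and rejects the call is a {@link SecurityException} thrown.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PACLAdvice extends ChainableMethodAdvice {

	/**
	 * Checks the intercepted invocation against the resolved PACL policy and
	 * either continues the interceptor chain or rejects the call.
	 *
	 * @param  methodInvocation the intercepted invocation
	 * @return the value returned by the intercepted method, or the identity
	 *         comparison result when the method is {@code Object#equals}
	 * @throws SecurityException if a policy was resolved and its
	 *         {@code hasPortalService} check rejects the target, method and
	 *         arguments
	 * @throws Throwable whatever the intercepted method or the rest of the
	 *         chain throws
	 */
	@Override
	public Object invoke(MethodInvocation methodInvocation) throws Throwable {
		if (!PortalSecurityManagerThreadLocal.isEnabled()) {

			// Proceed so that we do not remove the advice. No policy check
			// is made on this path.

			return methodInvocation.proceed();
		}

		if (!PACLPolicyManager.isActive()) {

			// Nothing to enforce, so this advice unregisters itself for the
			// invocation before continuing

			serviceBeanAopCacheManager.removeMethodInterceptor(
				methodInvocation, this);

			return methodInvocation.proceed();
		}

		Object thisObject = methodInvocation.getThis();
		Method method = methodInvocation.getMethod();
		Object[] arguments = methodInvocation.getArguments();

		// Debug tracing is limited to three service implementations and only
		// when debug logging is enabled

		boolean debug = false;

		if (_log.isDebugEnabled()) {
			Class<?> clazz = thisObject.getClass();

			String className = clazz.getName();

			if (className.equals(PortalServiceImpl.class.getName()) ||
				className.equals(_ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME) ||
				className.equals(_STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME)) {

				debug = true;

				_log.debug(
					"Intercepting " + className + "#" + method.getName());
			}
		}

		// equals and toString declared by Object are answered here without a
		// policy check. Every other method declared by Object falls through
		// to the check below.

		if (method.getDeclaringClass() == Object.class) {
			String methodName = method.getName();

			if (methodName.equals("equals")) {
				return thisObject == arguments[0];
			}
			else if (methodName.equals("toString")) {
				return method.invoke(thisObject, arguments);
			}
		}

		// NOTE(review): this repeats the check made above. It is only true
		// if the manager became inactive in between, and it then calls the
		// target reflectively instead of continuing the chain. Confirm that
		// this is intended.

		if (!PACLPolicyManager.isActive()) {
			return method.invoke(thisObject, arguments);
		}

		PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);

		if (debug && (paclPolicy != null)) {
			_log.debug(
				"Retrieved PACL policy for " +
					paclPolicy.getServletContextName());
		}

		// No policy resolved means no restriction is applied (fail-open).
		// Presumably the caller is then not a policy-restricted plugin.
		// TODO confirm against PACLClassUtil.

		if (paclPolicy == null) {
			return methodInvocation.proceed();
		}

		// The thrown exception is the only record of a denial made in this
		// method. Nothing is logged here.

		if (!paclPolicy.hasPortalService(thisObject, method, arguments)) {
			throw new SecurityException("Attempted to invoke " + method);
		}

		// Remember the caller's SQL check setting so that it can be restored
		// however the invocation ends

		boolean checkSQL = PortalSecurityManagerThreadLocal.isCheckSQL();

		try {
			Class<?> thisObjectClass = thisObject.getClass();

			if (paclPolicy.getClassLoader() !=
					PACLClassLoaderUtil.getClassLoader(thisObjectClass)) {

				// The service comes from a different class loader than the
				// policy and has just been approved. Turn off SQL checking
				// (only that flag, not the whole security manager) so that
				// PACLDataSource does not check the approved service's table
				// access against the caller's policy.
				//
				// NOTE(review): while the flag is off, SQL issued during
				// proceed() is presumably unchecked, nested calls included.
				// Confirm that an approved service cannot hand control back
				// to the restricted caller in that window.

				PortalSecurityManagerThreadLocal.setCheckSQL(false);
			}

			return methodInvocation.proceed();
		}
		finally {
			PortalSecurityManagerThreadLocal.setCheckSQL(checkSQL);
		}
	}

	// Class names compared as strings so that debug tracing can recognise
	// these services without a compile-time reference to their classes

	private static final String _ENTRY_LOCAL_SERVICE_IMPL_CLASS_NAME =
		"com.liferay.chat.service.impl.EntryLocalServiceImpl";

	private static final String _STATUS_LOCAL_SERVICE_IMPL_CLASS_NAME =
		"com.liferay.chat.service.impl.StatusLocalServiceImpl";

	private static final Log _log = LogFactoryUtil.getLog(PACLAdvice.class);

}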